[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4895":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},4895,"evilginx2","kgretzky\u002Fevilginx2","kgretzky","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication","",null,"Go",15170,2653,346,272,0,6,27,105,28,45,"BSD 3-Clause \"New\" or \"Revised\" License",false,"master",true,[],"2026-06-12 02:01:05","\u003Cp align=\"center\">\n  \u003Cimg alt=\"Evilginx2 Logo\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fkgretzky\u002Fevilginx2\u002Fmaster\u002Fmedia\u002Fimg\u002Fevilginx2-logo-512.png\" height=\"160\" \u002F>\n  \u003Cp align=\"center\">\n    \u003Cimg alt=\"Evilginx2 Title\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fkgretzky\u002Fevilginx2\u002Fmaster\u002Fmedia\u002Fimg\u002Fevilginx2-title-black-512.png\" height=\"60\" \u002F>\n  \u003C\u002Fp>\n\u003C\u002Fp>\n\n# Evilginx 3.0\n\n**Evilginx** is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.\n\nThis tool is a successor to [Evilginx](https:\u002F\u002Fgithub.com\u002Fkgretzky\u002Fevilginx), released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website.\nPresent version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.\n\n\u003Cp align=\"center\">\n  \u003Cimg alt=\"Screenshot\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fkgretzky\u002Fevilginx2\u002Fmaster\u002Fmedia\u002Fimg\u002Fscreen.png\" height=\"320\" \u002F>\n\u003C\u002Fp>\n\n## Disclaimer\n\nI am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.\n\n## Evilginx Pro is now available!\n\nThis is it! After over two years of development, countless delays, and hundreds of manual company verifications, concluded with multiple hurdles related to export regulations, [Evilginx Pro is finally live!](https:\u002F\u002Fevilginx.com)\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fevilginx.com\">\u003Cimg alt=\"Evilginx Mastery\" src=\"https:\u002F\u002Fbreakdev.org\u002Fcontent\u002Fimages\u002Fsize\u002Fw2000\u002F2025\u002F03\u002Fevilginx_pro_release_cover.png\" height=\"320\" \u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\nEvilginx Pro is the fruit of a passion I've had for a long time in developing offensive security tools for cybersecurity enthusiasts. The journey has just begun, and now that the product is officially released, I can focus on making it even better by implementing all the ideas I've planned for it.\n\n### Key features:\n\n- Out-of-the-box **phishing detection evasion** (including Chrome's Enchanced Browser Protection)\n- Tested and maintained **official phishlets database**\n- **Botguard** to **prevent bot traffic** by default (same concept as Cloudflare Turnstile)\n- **Evilpuppet** for advanced phishing capability (Google)\n- External **DNS providers** with multi-domain support\n- **Website spoofing** for unauthorized requests\n- **JavaScript** & **HTML obfuscation**\n- **Wildcard TLS certificates**\n- **Automated** server deployment\n- **SQLite** database support\n\nFind out more on the [official release blog post](https:\u002F\u002Fbreakdev.org\u002Fevilginx-pro-release\u002F).\n\n## Evilginx Mastery Training Course\n\nIf you want everything about reverse proxy phishing with **Evilginx** - check out my [Evilginx Mastery](https:\u002F\u002Facademy.breakdev.org\u002Fevilginx-mastery) course!\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Facademy.breakdev.org\u002Fevilginx-mastery\">\u003Cimg alt=\"Evilginx Mastery\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fkgretzky\u002Fevilginx2\u002Fmaster\u002Fmedia\u002Fimg\u002Fevilginx_mastery.jpg\" height=\"320\" \u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\nLearn everything about the latest methods of phishing, using reverse proxying to bypass Multi-Factor Authentication. Learn to think like an attacker, during your red team engagements, and become the master of phishing with Evilginx.\n\nGrab it here:\nhttps:\u002F\u002Facademy.breakdev.org\u002Fevilginx-mastery\n\n## Official Gophish integration\n\nIf you'd like to use Gophish to send out phishing links compatible with Evilginx, please use the official Gophish integration with Evilginx 3.3.\nYou can find the custom version here in the forked repository: [Gophish with Evilginx integration](https:\u002F\u002Fgithub.com\u002Fkgretzky\u002Fgophish\u002F)\n\nIf you want to learn more about how to set it up, please follow the instructions in [this blog post](https:\u002F\u002Fbreakdev.org\u002Fevilginx-3-3-go-phish\u002F)\n\n## Write-ups\n\nIf you want to learn more about reverse proxy phishing, I've published extensive blog posts about **Evilginx** here:\n\n[Evilginx 2.0 - Release](https:\u002F\u002Fbreakdev.org\u002Fevilginx-2-next-generation-of-phishing-2fa-tokens)\n\n[Evilginx 2.1 - First Update](https:\u002F\u002Fbreakdev.org\u002Fevilginx-2-1-the-first-post-release-update\u002F)\n\n[Evilginx 2.2 - Jolly Winter Update](https:\u002F\u002Fbreakdev.org\u002Fevilginx-2-2-jolly-winter-update\u002F)\n\n[Evilginx 2.3 - Phisherman's Dream](https:\u002F\u002Fbreakdev.org\u002Fevilginx-2-3-phishermans-dream\u002F)\n\n[Evilginx 2.4 - Gone Phishing](https:\u002F\u002Fbreakdev.org\u002Fevilginx-2-4-gone-phishing\u002F)\n\n[Evilginx 3.0](https:\u002F\u002Fbreakdev.org\u002Fevilginx-3-0-evilginx-mastery\u002F)\n\n[Evilginx 3.2](https:\u002F\u002Fbreakdev.org\u002Fevilginx-3-2\u002F)\n\n[Evilginx 3.3](https:\u002F\u002Fbreakdev.org\u002Fevilginx-3-3-go-phish\u002F)\n\n## Help\n\nIn case you want to learn how to install and use **Evilginx**, please refer to online documentation available at:\n\nhttps:\u002F\u002Fhelp.evilginx.com\n\n## Support\n\nI DO NOT offer support for providing or creating phishlets. I will also NOT help you with creation of your own phishlets. Please look for ready-to-use phishlets, provided by other people.\n\n## License\n\n**evilginx2** is made by Kuba Gretzky ([@mrgretzky](https:\u002F\u002Ftwitter.com\u002Fmrgretzky)) and it's released under BSD-3 license.\n","Evilginx2 是一个中间人攻击框架，用于钓鱼登录凭证和会话cookie，从而绕过双因素认证。该项目核心功能包括自动化的服务器部署、支持SQLite数据库以及对JavaScript和HTML代码的混淆处理等，能够有效规避现代浏览器的安全检测机制。它完全使用Go语言开发，集成了自有的HTTP与DNS服务，使得安装配置变得十分简便。此工具适用于合法授权下的渗透测试场景，帮助安全研究人员理解和防御此类网络钓鱼攻击。请注意，任何非法使用都是严格禁止的。",2,"2026-06-11 03:01:21","top_language"]